Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f2a37c-a129-4c0b-9ed1-b18dac2d259b/1/K_MyGvHR4IdSBZBjdPl8MukbNFk.roa
File:                     K_MyGvHR4IdSBZBjdPl8MukbNFk.roa (raw, json)
Hash identifier:          HrMHQD3uVG8sdR811mtsQpZxidNNmctDC5Taskmcc7A=
Subject key identifier:   2B:F3:32:1A:F1:D1:E0:87:52:05:90:63:74:F9:7C:32:E9:1B:34:59
Certificate issuer:       /CN=4f7d885393b32b5eee3a0bf4338e0faaef3c753c
Certificate serial:       0194236A2F43DD872A0702BB54E3BA2227C8
Authority key identifier: 4F:7D:88:53:93:B3:2B:5E:EE:3A:0B:F4:33:8E:0F:AA:EF:3C:75:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T32IU5OzK17uOgv0M44Pqu88dTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f2a37c-a129-4c0b-9ed1-b18dac2d259b/1/K_MyGvHR4IdSBZBjdPl8MukbNFk.roa
Signing time:             Wed 01 Jan 2025 19:49:09 +0000
ROA not before:           Wed 01 Jan 2025 19:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        37.221.72.0/22 maxlen: 24
                          2a09:ea00::/40 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f2a37c-a129-4c0b-9ed1-b18dac2d259b/1/T32IU5OzK17uOgv0M44Pqu88dTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f2a37c-a129-4c0b-9ed1-b18dac2d259b/1/T32IU5OzK17uOgv0M44Pqu88dTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T32IU5OzK17uOgv0M44Pqu88dTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2f:43:dd:87:2a:07:02:bb:54:e3:ba:22:27:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f7d885393b32b5eee3a0bf4338e0faaef3c753c
        Validity
            Not Before: Jan  1 19:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bf3321af1d1e0875205906374f97c32e91b3459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:91:fc:8a:f2:1e:5c:a6:be:4a:af:22:0f:8e:
                    6a:8a:4f:e5:0d:0a:b5:9a:e4:46:de:78:97:4a:a7:
                    bc:01:21:ea:3f:7f:c8:62:e9:df:f1:4f:a5:4b:f8:
                    50:a9:a5:09:bf:f6:e4:a8:86:04:43:af:b7:ac:26:
                    24:ef:18:76:9e:c6:e7:24:94:e9:f2:76:74:02:c9:
                    8d:7c:0c:ab:b0:6d:12:26:d8:8f:aa:1c:f9:4a:61:
                    9f:db:3d:07:9c:f8:aa:c8:de:58:02:ff:a4:68:03:
                    db:89:46:70:0d:c7:1d:97:42:6f:bb:53:c0:bb:3d:
                    6e:6d:eb:da:f9:13:ba:58:2c:07:69:09:3b:2e:60:
                    04:c9:e2:87:e0:50:8c:df:ed:ae:c7:03:6f:49:66:
                    26:06:71:69:56:eb:eb:68:c8:5a:84:8d:92:d0:c3:
                    49:f8:55:75:00:dd:52:aa:8b:23:cd:21:fd:0b:7f:
                    8c:38:0f:93:bd:6a:6c:e4:04:80:0b:2f:ce:a2:38:
                    94:d2:c5:5f:26:8c:e9:0b:57:44:9d:5b:f1:d9:ac:
                    10:0e:50:2e:e2:39:90:b2:60:7e:ab:f4:16:a3:3d:
                    cf:ae:9e:b2:6c:2a:99:cf:81:55:68:69:1b:e4:2e:
                    de:e6:01:40:bd:48:54:47:37:cd:df:e3:4e:e0:0e:
                    d7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F3:32:1A:F1:D1:E0:87:52:05:90:63:74:F9:7C:32:E9:1B:34:59
            X509v3 Authority Key Identifier:
                keyid:4F:7D:88:53:93:B3:2B:5E:EE:3A:0B:F4:33:8E:0F:AA:EF:3C:75:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T32IU5OzK17uOgv0M44Pqu88dTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f2a37c-a129-4c0b-9ed1-b18dac2d259b/1/K_MyGvHR4IdSBZBjdPl8MukbNFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f2a37c-a129-4c0b-9ed1-b18dac2d259b/1/T32IU5OzK17uOgv0M44Pqu88dTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.72.0/22
                IPv6:
                  2a09:ea00::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:4a:47:68:8b:d5:4a:3e:97:dc:25:9a:ab:6c:2c:cf:aa:aa:
         98:22:3c:02:2a:cb:89:19:f5:e5:c6:52:e0:59:4b:28:80:9c:
         ba:b6:27:83:93:f2:d8:d3:f4:70:1c:99:67:72:5d:d3:dc:cc:
         7c:27:5a:99:70:75:31:d5:84:52:50:c5:ef:8b:cf:81:37:ff:
         41:cd:f5:5a:64:ad:a2:8c:65:14:11:9e:af:38:c8:91:86:34:
         b1:37:39:e6:5f:e0:43:27:b6:57:56:1d:28:13:ad:f0:26:01:
         23:5a:c5:36:c3:e9:d6:1d:a1:50:10:69:25:3a:e3:39:26:5d:
         4a:ff:18:1d:e2:64:76:ae:c9:1c:e2:6b:1a:96:2f:71:a6:6a:
         96:3e:32:a5:c5:3f:ba:48:ee:3d:a0:61:42:60:80:9d:26:6b:
         f9:7c:79:d2:05:96:66:0c:a6:5a:ab:cc:f8:ad:62:74:25:95:
         7b:9d:8f:d4:14:9f:a8:55:9e:60:f0:b8:52:10:5e:03:03:71:
         79:fb:0f:7a:df:49:74:34:fd:45:0f:7c:fa:cc:2c:f9:27:d8:
         71:d2:45:b2:09:f5:e2:52:9c:88:88:0c:0c:f7:31:33:1c:c0:
         c5:89:bf:d2:df:77:cc:70:a4:aa:b7:27:d5:24:62:3a:e2:41:
         52:b7:98:02
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQjai9D3YcqBwK7VOO6IifIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmN2Q4ODUzOTNiMzJiNWVlZTNhMGJmNDMzOGUwZmFhZWYz
Yzc1M2MwHhcNMjUwMTAxMTk0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmYzMzIxYWYxZDFlMDg3NTIwNTkwNjM3NGY5N2MzMmU5MWIzNDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZH8ivIeXKa+Sq8iD45qik/lDQq1
muRG3niXSqe8ASHqP3/IYunf8U+lS/hQqaUJv/bkqIYEQ6+3rCYk7xh2nsbnJJTp
8nZ0AsmNfAyrsG0SJtiPqhz5SmGf2z0HnPiqyN5YAv+kaAPbiUZwDccdl0Jvu1PA
uz1ubeva+RO6WCwHaQk7LmAEyeKH4FCM3+2uxwNvSWYmBnFpVuvraMhahI2S0MNJ
+FV1AN1SqosjzSH9C3+MOA+TvWps5ASACy/OojiU0sVfJozpC1dEnVvx2awQDlAu
4jmQsmB+q/QWoz3Prp6ybCqZz4FVaGkb5C7e5gFAvUhURzfN3+NO4A7XqwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCvzMhrx0eCHUgWQY3T5fDLpGzRZMB8GA1UdIwQY
MBaAFE99iFOTsyte7joL9DOOD6rvPHU8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDMySVU1T3pLMTd1T2d2ME00NFBxdTg4ZFR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mMmEzN2MtYTEyOS00YzBiLTllZDEt
YjE4ZGFjMmQyNTliLzEvS19NeUd2SFI0SWRTQlpCamRQbDhNdWtiTkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mMmEzN2MtYTEyOS00YzBiLTllZDEtYjE4ZGFjMmQyNTli
LzEvVDMySVU1T3pLMTd1T2d2ME00NFBxdTg4ZFR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCJd1IMA4E
AgACMAgDBgAqCeoAADANBgkqhkiG9w0BAQsFAAOCAQEAh0pHaIvVSj6X3CWaq2ws
z6qqmCI8AirLiRn15cZS4FlLKICcurYng5Py2NP0cByZZ3Jd09zMfCdamXB1MdWE
UlDF74vPgTf/Qc31WmStooxlFBGerzjIkYY0sTc55l/gQye2V1YdKBOt8CYBI1rF
NsPp1h2hUBBpJTrjOSZdSv8YHeJkdq7JHOJrGpYvcaZqlj4ypcU/ukjuPaBhQmCA
nSZr+Xx50gWWZgymWqvM+K1idCWVe52P1BSfqFWeYPC4UhBeAwNxefsPet9JdDT9
RQ98+sws+SfYcdJFsgn14lKciIgMDPcxMxzAxYm/0t93zHCkqrcn1SRiOuJBUreY
Ag==
-----END CERTIFICATE-----